Wall Street sign on street post

OCC Flags Warning Signs of Operational, Credit and Interest Rate Risks

Carol Beaumier, Senior Managing Director Risk and Compliance – New York

In its Fall 2019 Semiannual Risk Perspective, the Office of the Comptroller of the Currency (OCC) highlights operational, credit and interest rate risks among key risk themes posing threats to the financial institutions it regulates. The themes, addressed by the OCC in this report, cover current and emerging risks facing national banks and federal savings associations as of June 30, 2019.

The highlighted risks in the latest report align with the OCC’s 2020 fiscal year bank supervision operating plan, which lays out the regulator’s top supervisory priorities based on its view of significant risks impacting the banking system.

Operational Risks

According to the OCC, banks’ exposure to operational risks is on the rise as they adapt to a changing and increasingly complex operating environment. A key factor driving the elevation in operational risk is the need to adapt and evolve current technology systems for ongoing cybersecurity threats. In the regulator’s view, advances in technology and innovation in core banking systems create challenges and risks if they are not effectively understood, implemented or controlled.

Additional drivers of operational risks are the increasing use of third-party service providers, which requires effective planning and ongoing oversight, and the continued threat of fraud. The potential for operational disruptions underscores the need for effective controls and operational resilience to help ensure the ongoing delivery of financial products and services in a safe and sound manner.

The OCC’s comment on operational resilience is notable given the recent significant efforts by UK supervisory authorities to begin to formalize policy ideas around operational resilience. The Bank of England (BOE), the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) issued the policy proposals in a series of coordinated consultation papers on December 5, 2019.

While UK regulators are leading the global regulatory effort to increase resilience supervision, operational and cybersecurity resilience have been on the OCC’s radar for several years. In the 2020 bank supervision operating plan, the regulator emphasizes threat vulnerability and detection, access controls and data management, and managing third-party connections, among its supervisory objectives. It also announced its intention to expand examinations into cybersecurity and operational resilience risks to include information technology risk management evaluation and institutions’ information technology systems maintenance.

Credit Risks

The latest report also highlights the OCC’s concern about credit risk, which the regulator stated has accumulated in many portfolios. While credit performance remains strong, the OCC warns banks to prepare for a cyclical change by maintaining robust credit control functions, particularly credit review, and by focusing on problem loan identification and workout, collections, and collateral management.

Banks should also be on the lookout for borrowers that are most vulnerable to reduced cash flows from slower than anticipated economic growth. Direct and indirect credit risk should be actively managed, and management should understand how risk outside the federal banking system, such as the leveraged loan market where nonbank entities continue to increase their participation, could migrate into the banking system or affect borrowers or the bank’s credit risk, the report states.

In response to the OCC’s concern about credit risk, its 2020 supervisory plan directs examiners to focus on evaluating credit risk appetites, risk layering and portfolio risk exposure.  

As credit risk concerns increase, Protiviti’s experts recommend the use of troubled asset tracking and reporting as a tool to support lender performance programs and facilitate timely and open communication between management and the board. These efforts can greatly enhance a bank’s ability to identify and manage borderline loans. Executive and board involvement should not be limited to loan approvals; it can also contribute to successful collection strategies for large non-performing credit relationships.

Interest Rate Risks

The report notes the elevated levels of interest rate risks due to recent volatility in market rates. Global banks are jittery about the potential effects of a prolonged low or negative interest rate environment given the potential impact on bank activities and risk exposures. The OCC expects lower interest rates with a flat or inverted U.S. yield curve to compress banks’ net interest margins (NIM) and profitability. Should the interest rate environment worsen, it could also impact loan growth and economic growth, and cause credit quality to deteriorate.

LIBOR Phaseout Risks

The potential phaseout of the London Interbank Offering Rate (LIBOR) as a reference rate after 2021 is another major risk concern on the OCC’s radar. In the latest report, the OCC said it will increase regulatory oversight of this area to evaluate banks’ awareness and preparedness for the change. The regulator said its examiners intend to evaluate whether banks have begun to assess their exposure to LIBOR to determine potential impacts and develop risk management strategies.

Financial institutions already have myriad concerns over the transition to a LIBOR replacement, including how legacy contracts that reference LIBOR would be altered to reference the new rate and document management challenges. Advanced data mining technologies and artificial intelligence are among the creative solutions that can help institutions manage the expected workload and transition risks.

Other Notable Risks

In its discussion of strategic risks facing the federal banking system, the OCC cited the following:

  • Non-depository financial institutions (NDFI) continue to disrupt retail and commercial lending markets and are strong competitors to bank lending models. According to the OCC, the pressure from NDFIs may lead banks to reduce costs, including those associated with risk control units.
  • Banks continue to invest in research and development to incorporate sophisticated capabilities such as artificial intelligence and machine learning to support Bank Secrecy Act (BSA), anti-money laundering (AML) compliance programs, and sanctions imposed by the Office of Foreign Assets Control under the U.S. Department of the Treasury. The OCC said the increasing interest in innovative and evolving technologies, such as sharing utilities to implement BSA/AML and sanctions processes and controls, exposes banks to strategic risks.

Protiviti’s experts continue to evaluate and offer strategic insights on how financial institutions can better manage and thrive in the changing risk environment. Subscribe to this blog for more perspectives on market trends, business developments and risks.

Learn about Protiviti’s Risk Management Consulting Services.

1 comment